|
Roy S. Rapoport
mod_python at ols.inorganic.org
Thu Jun 5 11:12:50 EST 2003
On Thu, Jun 05, 2003 at 10:51:29AM -0700, Irene Ponti wrote: > I have to put into a SQL database the content of some > variables coming from an Internet form. > > If this variables have some caracters as ' or " > inside, the sql server return an error because the > query is not in correct sintax. > > Now in php exist a standard function that add slashes > in front of ' or " in a variable and another that > remove slashes. > > Is there in python a function like this? Yes. No. Maybe. How are you accessing the database? I'm using MySQLdb; I just confirmed that it automatically adds the proper escapist magic to make this stuff just plain work. I'm guessing that, depending on the module you're using to access the database, it may offer the proper mechanisms (much like in Perl's DBD/DBI, there's a database-specific way to escape strings). -roy
|